CN102542196B - Method for finding and preventing malicious codes - Google Patents
- Publication number
- CN102542196B
- Authority
- CN
- China
- Prior art keywords
- malicious code
- kernel objects
- title
- kernel
- objects
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Landscapes
- Storage Device Security (AREA)
Abstract
Description
Claims (3)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201110375297.6A CN102542196B (zh) | 2011-11-23 | 2011-11-23 | Method for finding and preventing malicious codes |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201110375297.6A CN102542196B (zh) | 2011-11-23 | 2011-11-23 | Method for finding and preventing malicious codes |
Publications (2)
Publication Number | Publication Date |
---|---|
CN102542196A (zh) | 2012-07-04 |
CN102542196B (zh) | 2014-09-17 |
Family
ID=46349063
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201110375297.6A Active CN102542196B (zh) | Method for finding and preventing malicious codes | 2011-11-23 | 2011-11-23 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN102542196B (zh) |
Families Citing this family (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
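CN102902919B (zh) * | 2012-08-30 | 2015-11-25 | Beijing Qihoo Technology Co., Ltd. | Method, device and system for identifying and handling suspicious operations |
CN103809955B (zh) * | 2012-11-15 | 2018-10-09 | Tencent Technology (Shenzhen) Co., Ltd. | Method and device for terminating a process |
CN105303111B (zh) * | 2015-10-16 | 2019-02-15 | Zhuhai Baoqu Technology Co., Ltd. | Method and device for identifying malicious processes in a user terminal, and user terminal |
CN108875357B (zh) * | 2017-12-20 | 2020-05-12 | Beijing Antiy Network Security Technology Co., Ltd. | Program startup method and device, electronic device and storage medium |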
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
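CN101206692A (zh) * | 2006-12-20 | 2008-06-25 | Lenovo (Beijing) Co., Ltd. | Method and device for detecting processes |
CN101373505A (zh) * | 2008-06-17 | 2009-02-25 | Huawei Technologies Co., Ltd. | Method and device for releasing handles, and file deletion system |
CN102243699A (zh) * | 2011-06-09 | 2011-11-16 | Shenzhen Anzhitian Information Technology Co., Ltd. | Malicious code detection method and system |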
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20080320594A1 (en) * | 2007-03-19 | 2008-12-25 | Xuxian Jiang | Malware Detector |
Also Published As
Publication number | Publication date |
---|---|
CN102542196A (zh) | 2012-07-04 |
Similar Documents
Publication | Title | Publication Date |
---|---|---|
Rasthofer et al. | Harvesting runtime values in Android applications that feature anti-analysis techniques. | |
US9679136B2 (en) | Method and system for discrete stateful behavioral analysis | |
US10055585B2 (en) | Hardware and software execution profiling | |
US20240012907A1 (en) | Cloud based just in time memory analysis for malware detection | |
US7934261B1 (en) | On-demand cleanup system | |
EP3756121B1 (en) | Anti-ransomware systems and methods using a sinkhole at an electronic device | |
US8307434B2 (en) | Method and system for discrete stateful behavioral analysis | |
US11151252B2 (en) | Just in time memory analysis for malware detection | |
US20070180529A1 (en) | Bypassing software services to detect malware | |
RU2726032C2 (ru) | Systems and methods for detecting malware with a domain generation algorithm (DGA) | |
CN102542196B (zh) | Method for finding and preventing malicious codes | |
US10515213B2 (en) | Detecting malware by monitoring execution of a configured process | |
US20130160124A1 (en) | Disinfection of a File System | |
CN103679013A (zh) | Method and device for detecting malicious programs in a system | |
CN105550581A (zh) | Malicious code detection method and device | |
US10902122B2 (en) | Just in time memory analysis for malware detection | |
KR101431192B1 (ko) | Method for detecting rooting attack events on a mobile terminal | |
JP5613000B2 (ja) | Application characteristic analysis device and program | |
Stirparo et al. | In-memory credentials robbery on android phones | |
CN112395603B (zh) | Vulnerability attack identification method and device based on instruction execution sequence features, and computer equipment | |
CN115270126B (zh) | Method and device for detecting Java memory webshells, electronic device and storage medium | |
CN101719892A (zh) | Computer protection method | |
CN104778406A (zh) | Method and system for uniformly naming malicious code based on file fingerprints | |
Park | Malware expert: Execution tracking | |
CN115391793B (zh) | Real-time vulnerability detection system, method and storage medium based on the FlowDroid tool |
Legal Events
Code | Title | Description |
---|---|---|
C06 | Publication | |
PB01 | Publication | |
C10 | Entry into substantive examination | |
SE01 | Entry into force of request for substantive examination | |
C53 | Correction of patent for invention or patent application | |
CB02 | Change of applicant information | Address after: 100080 Haidian District City, Zhongguancun, the main street, No. 1 Hailong building, room 1415, room 14; Applicant after: Beijing Antiy Electronic Installation Co., Ltd.; Address before: 100084, 2B-521, bright city, No. 1, Nongda South Road, Beijing, Haidian District; Applicant before: Beijing Antiy Electronic Installation Co., Ltd. |
C14 | Grant of patent or utility model | |
GR01 | Patent grant | |
CP03 | Change of name, title or address | Address after: 100080 Beijing city Haidian District minzhuang Road No. 3, Tsinghua Science Park Building 1 Yuquan Huigu a; Patentee after: Beijing ahtech network Safe Technology Ltd; Address before: 100080 Haidian District City, Zhongguancun, the main street, No. 1 Hailong building, room 1415, room 14; Patentee before: Beijing Antiy Electronic Installation Co., Ltd. |
PE01 | Entry into force of the registration of the contract for pledge of patent right | Denomination of invention: Method for finding and preventing malicious codes; Effective date of registration: 20190719; Granted publication date: 20140917; Pledgee: Bank of Longjiang, Limited by Share Ltd, Harbin Limin branch; Pledgor: Beijing ahtech network Safe Technology Ltd; Registration number: 2019230000008 |
PC01 | Cancellation of the registration of the contract for pledge of patent right | Date of cancellation: 20210810; Granted publication date: 20140917; Pledgee: Bank of Longjiang Limited by Share Ltd. Harbin Limin branch; Pledgor: BEIJING ANTIY NETWORK TECHNOLOGY Co.,Ltd.; Registration number: 2019230000008 |